1. Field of the Invention
The present invention relates to secure devices such as set-top-boxes in pay-television systems in which access to data within the system needs to be restricted.
2. Description of the Related Art
In many electronic devices, access to data by users and other devices may need to be restricted. For example, in subscriber based systems such as pay-television systems, subscribers gain access to services in the form of broadcasts by making payments to a broadcast service provider. It is therefore desirable to prevent unscrupulous parties from gaining access to those broadcasts without making any payments. In order to prevent unauthorized access to data within systems various security features are used. For example, in pay-television systems, broadcast data is usually broadcast over air and received by a set-top-box in an encrypted form. Cryptographic keys are then used to decrypt the data within the set-top-box. In this example, it is desirable to restrict access to data corresponding to the decryption keys used to decrypt encrypted broadcast data, and also to the decrypted broadcast data itself.
The data present within a secure system such as that described above is usually stored in several different memories and data access within a secure system may be requested by several different parts of the system. A device in the system which requests data access is often referred to as an initiator. Since some initiators may be more vulnerable to hacking than others and since some data sources and destinations may contain more sensitive data than others, we have appreciated that it is desirable to restrict the access that some initiators have to some data sources and destinations.
Often, the initiators and the data sources and destinations are accessed through different types of data buses, having different bandwidths or data transfer protocols for example. In this case, when a data access request is transmitted from an initiator to a data source or destination, it may be necessary to convert the format of the request signals when the request passes between busses. We have appreciated that such a conversion process often causes information relating to the origin of the data access request to be lost so that it is then not possible to restrict data accesses at a data source or destination based on the origin of the data access request.